I bought my wife a Kindle Fire for Christmas. After a couple of days hesitation with the device, she really got into it, and now, really likes it. Small, easy to carry and for her AND the kids to use, it’s become a standard in her daily gadget line up. In fact, neither her nor the kids have it far from them during the day. Clearly, a sign of a good purchase and gift decision on my part.

However, the tablet, and subsequently Amazon’s ecosystem, have a major flaw in them; and it’s one that you won’t even bump into unless you either have kids that share your Fire or you lose/misplace the device – it has absolutely NO purchase controls.

If you order the device directly from Amazon, the device comes in a clearly MARKED box and comes preactivated with links directly to your credit card and your account. Anyone smart enough to intercept the shipment will have the ability to purchase away inside of Amazon’s online store, with YOU responsible for all of the purchases.

Strike one – Pre-activation

The device itself doesn’t have any method, or way of either excluding your purchasing credentials/credit card info or even password protecting all purchases with your Amazon.com site password. If you have the device, again, you have direct access to your account, and as long as you have money in your debit account, available credit on your card, etc., anyone possessing the device can make all the purchases they want.

Strike two – Have device, can purchase

When I confronted Amazon with this HUGE security (and frankly, clearly common sense) hole, they let me know that Amazon addressed this by putting a password on Wi-Fi access, so if you wanted to prevent purchases, you could password protect the device’s ability to get online.

This made me to a double take; and really ticked me off.

Strike three – Failure to address the specific issue: Purchase control

I think Amazon wants to differentiate themselves in the tablet market by giving their users the clear ability to purchase anything and everything they would want or need on the Kindle Fire without having to enter a password. Really..?! Am I the only one who sees this huge security hole? I give them points for wanting this to be easy, but talk about your advanced identity theft tools..! Apparently, all I need to steal someone’s credit is not their credit card number, their social security number or any of their personal, private information. All I really need is their Kindle Fire.

Nice.

Let’s forget the real world scenario that I bumped into with my 4 year old ordering an entire season’s worth of Olivia, and that I just want to gate purchases on the device with the linked account’s Amazon password (which you see on every Apple iDevice in town, including the iPad). According to Amazon, this is unreasonable. It’s also something they are NOT going to address.

They’ve given users the ability to limit the use of Wi-Fi instead. You need Wi-Fi to make purchases. With Wi-Fi password protected, you can’t purchase new content. That’s true; but it also fails to address the problem. The Kindle Fire is a content streaming device.

Amazon Prime’s streaming service requires an internet connection. The Fire is a Wi-Fi only device, and in order to view/stream content that I’ve already purchased, Wi-Fi must be on. Effectively want Amazon is telling me is that I have to unlock Wi-Fi every time my child wants to view content that’s already been purchased…and once they are streaming content, I have to watch them watch it so that they don’t go looking for something else.

But, as I said, let’s forget this and the fact that its backwards.

The unlocked device represents a huge security hole. Amazon needs to address this with a software update and needs to require the account holder’s Amazon password for all purchases and not for Wi-Fi access. Until it does, Kindle Fire, and really ALL Kindle owners, need to be careful about where they store their Kindle, who has access to the device, and who is using it. You could find yourself the recipient of a HUGE content bill if your kids, or worse, a thief, happen to get a hold of your device and make unauthorized purchases.

NOTHING you can do, either on the web site or on the device, aside from crippling it, can prevent unauthorized purchases; and this is clearly documented by a number of different complaints and posts in Amazon’s own forums.